This is the first question that will always be asked if you are setting up Azure for a client that works with government.
Both Azure and Azure Government uses same security controls. They are accessed and authorized at the FedRAMP high impact level. Azure Government provides an additional layer of protection to customers to screened US persons. This is used to store and process data subject to US export control regulation’s such as EAR, ITAR, and DoE 10 CFR Part 810.
Refer to this Microsoft article for details;
Take time to see which environments meet your needs. Many people are surprised at how robust the Azure [commercial] compliance space is. https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
Resources;